Updated on 2022-12-01 GMT+08:00

Buying a CCE Cluster

On the CCE console, you can easily create Kubernetes clusters. Kubernetes can manage container clusters at scale. A cluster manages a group of node resources.

In CCE, you can create a CCE cluster to manage both VMs and bare metal servers (BMSs) as nodes, and heterogeneous nodes that are GPU-enabled and NPU-enabled. By using high-performance network models, hybrid clusters provide a multi-scenario, secure, and stable runtime environment for containers.

Notes and Constraints

  • During the node creation, software packages are downloaded from OBS using the domain name. You need to use a private DNS server to resolve the OBS domain name, and configure the subnet where the node resides with a private DNS server address. When you create a subnet, the private DNS server is used by default. If you change the subnet DNS, ensure that the DNS server in use can resolve the OBS domain name.
  • You can create a maximum of 50 clusters in a single region. If more clusters are required, you can click here to increase your quota.
  • After a cluster is created, the following items cannot be changed:
    • Cluster type
    • Number of master nodes in the cluster
    • AZ of a master node
    • Network configuration of the cluster, such as the VPC, subnet, container CIDR block, Service CIDR block, IPv6 settings, and kube-proxy (forwarding) settings
    • Network model. For example, change Tunnel network to VPC network.


  1. Log in to the CCE console. Choose Clusters. On the displayed page, click Buy next to CCE cluster.
  2. Set cluster parameters.

    Basic Settings
    • Cluster Name
    • Enterprise Project:

      This parameter is displayed only for enterprise users who have enabled the enterprise project function.

      After an enterprise project (for example, default) is selected, the cluster, nodes in the cluster, cluster security groups, node security groups, and elastic IPs (EIPs) of the automatically created nodes will be created in this enterprise project. After a cluster is created, you are advised not to modify the enterprise projects of nodes, cluster security groups, and node security groups in the cluster.

      An enterprise project facilitates project-level management and grouping of cloud resources and users. For more information, see Enterprise Management.

    • Cluster Version: Select the Kubernetes version used by the cluster.
    • Cluster Scale: maximum number of nodes that can be managed by the cluster. After the creation is complete, only scale-out is supported, but not scale-in.
    • HA: distribution mode of master nodes. By default, master nodes are randomly distributed in different AZs to improve DR capabilities.
      You can also expand advanced settings and customize the master node distribution mode. The following three modes are supported:
      • AZ: Master nodes are created in different AZs.
      • Custom: Customize the location of each controller node.
        • Host: Master nodes are created on different hosts in the same AZ.
        • Custom: You can determine the location of each master node.

    Network Settings

    The cluster network settings cover nodes, containers, and Services. For details about the cluster networking and container network models, see Overview.

    • Network Model: CCE clusters support VPC network and tunnel network models. For details, see VPC Network and Container Tunnel Network.
    • VPC: Select the VPC to which the cluster belongs. If no VPC is available, click Create VPC to create one. The VPC cannot be changed after creation. The IPv4/IPv6 dual stack is available for CCE clusters of v1.15 and later. For details, see Creating an IPv4/IPv6 Dual-Stack Cluster in CCE.
    • Master Node Subnet: Select the subnet where the master node is deployed. If no subnet is available, click Create Subnet to create one. The subnet cannot be changed after creation.
    • Container CIDR Block: Set the CIDR block used by containers. Multiple container CIDR blocks can be added to the VPC network model after a cluster is created.
    • Service CIDR Block: CIDR block for Services used by containers in the same cluster to access each other. The value determines the maximum number of Services you can create. The value cannot be changed after creation.

    Advanced Settings

    • Request Forwarding: The IPVS and iptables modes are supported. For details, see Comparing iptables and IPVS.
    • CPU Manager: For details, see Binding CPU Cores.
    • Resource Tag:

      You can add resource tags to classify resources.

      You can create predefined tags in Tag Management Service (TMS). Predefined tags are visible to all service resources that support the tagging function. You can use predefined tags to improve tag creation and migration efficiency. For details, see Creating Predefined Tags.

      Key Specifications

      • Cannot be empty. Contains 1 to 128 single-byte characters.
      • Do not enter labels starting with _sys_, which are system labels.
      • Can contain UTF-8 letters (including Chinese characters), digits, spaces, and the following characters: _. : / = + - @

        Recommended regular expression: ^((?!_sys_)[\\p{L}\\p{Z}\\p{N}_.:\\/=+\\-@]*)$

      Value Specifications

      • Can contain up to 255 characters.
      • Can contain UTF-8 letters (including Chinese characters), digits, spaces, and the following characters: _. : / = + - @

        Recommended regular expression: ^([\p{L}\p{Z}\p{N}_.:\/=+\-@]*)$

      • The value can be empty or null.
      • The value of a predefined tag cannot be empty or null.
    • Default Node Security Group: You can use the security group automatically generated by CCE or select an existing security group.

      The default node security group needs to allow access from certain ports to ensure normal communication. Otherwise, the node cannot to be created. For details about how to configure security group ports, see Configuring CCE Cluster Security Group Rules.

    • Certificate Authentication:
      • Default: The X509-based authentication mode is enabled by default. X509 is a commonly used certificate format.
      • Custom: The cluster can identify users based on the header in the request body for authentication.

        You need to upload your CA root certificate, client certificate, and private key of the client certificate.

        • Upload a file smaller than 1 MB. The CA certificate and client certificate can be in .crt or .cer format. The private key of the client certificate can only be uploaded unencrypted.
        • The validity period of the client certificate must be longer than five years.
        • The uploaded CA certificate is used for both the authentication proxy and the kube-apiserver aggregation layer configuration. If the certificate is invalid, the cluster cannot be created.
    • Manage:

      Overload control (supported by clusters of v1.23 or later): After overload control is enabled, the number of concurrent requests is dynamically adjusted according to the available resources to maintain the reliability of master nodes and clusters.

  3. After the parameters are specified, the cluster resource list is displayed on the right. Review the configuration and select a payment mode and required duration.

    • Pay-per-use: Click Submit.
    • Yearly/Monthly: Click Pay Now. On the page displayed, click Pay.

    It takes about 6 to 10 minutes to create a cluster. You can click Back to Cluster List to perform other operations on the cluster or click Go to Cluster Events to view the cluster details.

Related Operations